一些 SSH 知识
基本介绍
ssh -v user@ip
查看详细连接过程
操作
配置密钥登录
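# Generate an RSA key pair. The type is pinned because the next step expects
# id_rsa.pub, and recent OpenSSH releases create an Ed25519 key by default.
ssh-keygen -t rsa
cd ~/.ssh
# Install the public key. Full paths are used so that a failed cd cannot make
# the key land in whatever directory the shell happens to be in.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Restrict permissions: with the default StrictModes setting, sshd ignores an
# authorized_keys file or ~/.ssh directory that other users can write to.
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh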
# sshd_config settings (server side)
PubkeyAuthentication yes
# NOTE(review): RSAAuthentication only applied to SSH protocol 1; OpenSSH 7.4
# and later no longer support it and report it as a deprecated option.
RSAAuthentication yes
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
# Disable password login only after key-based login has been confirmed to
# work, ideally while an existing session is still open. Check the file with
# `sshd -t` before restarting the service.
PasswordAuthentication no
# Keyboard-interactive logins can still prompt for a password (for example
# through PAM) unless they are disabled as well. OpenSSH 8.7 and later name
# this option KbdInteractiveAuthentication and keep the old name as an alias.
ChallengeResponseAuthentication no
ssh-keygen -R domain.com
将指定主机的公钥记录从 known_hosts 文件中移除(用于主机密钥变更之后;移除前应先通过可信渠道确认新的主机密钥指纹)
分发密钥实现免密登录
1.单个分发
# Generate a key pair
ssh-keygen
# Copy the public key to the remote account (asks for that account's password
# once). NOTE(review): pushing to root only works if the target's
# PermitRootLogin setting allows root to log in.
ssh-copy-id root@ip
# Define a local alias for the host so the key, user and port are picked up
# automatically
vim ~/.ssh/config
# The following lines are the contents of ~/.ssh/config (ssh_config syntax,
# not shell commands).
# NOTE(review): IdentityFile names id_rsa_test, while the plain ssh-keygen
# call above writes to the default key path - confirm this file exists.
Host sshtest
HostName ssh.test.com
User user
Port 2200
IdentityFile ~/.ssh/id_rsa_test
# Connect using the alias
ssh sshtest
2.批量分发脚本实现
如果以 root 用户分发,注意目标主机 sshd_config 中的 PermitRootLogin 设置(设为 no 时 root 无法通过 SSH 登录)
host.txt(脚本读取 /tmp/host.txt;每行依次为:IP 用户名 密码,以空格分隔。文件含明文密码,应限制为仅本人可读,并在分发完成后删除)
192.168.1.1 user password
192.168.1.2 user password
#!/bin/bash
# expect分发密钥
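pushKey() {
  # Install the local public key on one remote account with ssh-copy-id,
  # answering its prompts through expect.
  # Arguments: $1 - host address, $2 - remote user, $3 - remote password
  # Returns:   exit status of /usr/bin/expect
  local addr=$1
  local user=$2
  local pw=$3

  # The values reach expect through the environment and the here-document is
  # quoted, so the shell never pastes them into the Tcl script. A password
  # holding a quote, dollar sign, bracket or backslash therefore cannot break
  # or extend the script, and it does not show up in any argument list.
  PUSHKEY_ADDR="$addr" PUSHKEY_USER="$user" PUSHKEY_PW="$pw" \
    /usr/bin/expect <<'EOF'
set timeout 10
set target "$env(PUSHKEY_USER)@$env(PUSHKEY_ADDR)"
set pw $env(PUSHKEY_PW)
# Drop the password from the environment before spawning, so ssh-copy-id and
# its child processes do not inherit it.
unset env(PUSHKEY_PW)
spawn ssh-copy-id $target
# NOTE(review): answering "yes" below accepts whatever host key is presented,
# so a first connection is not authenticated. Prefer adding verified host keys
# to known_hosts beforehand.
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password:" { send -- "$pw\n" }
}
expect eof
EOF
}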
# 本地是否有密钥
haveKey() {
  # Make sure ~/.ssh/id_rsa exists, creating it when it is missing.
  # Outputs: a notice on stdout when the key is already present
  # Returns: status of echo, or of ssh-keygen when a key is generated
  if [ -f ~/.ssh/id_rsa ]; then
    echo "id_rsa has created ..."
    return
  fi
  # -P "" sets an empty passphrase so the run needs no interaction; the private
  # key is then stored unencrypted and is protected only by file permissions.
  ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
}
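main() {
  # Push the local public key to every host listed in the host file.
  # Arguments: $1 - optional host file path (default /tmp/host.txt)
  # Input:     one "address user password" record per line; the password is
  #            everything after the second field, so it may contain spaces
  # Returns:   1 when the host file cannot be read or expect cannot be
  #            installed
  local host=${1:-/tmp/host.txt}
  local ip user passwd

  if [ ! -r "$host" ]; then
    printf 'cannot read host file: %s\n' "$host" >&2
    return 1
  fi
  # NOTE(review): the host file holds plaintext passwords and the default path
  # is under world-writable /tmp, where another local user could create the
  # file first. Keep it in a private directory with mode 600 and delete it
  # once the keys are distributed.
  if [ ! -O "$host" ]; then
    printf 'warning: %s is not owned by the current user\n' "$host" >&2
  fi

  # Install expect only when it is missing; apt-get is the interface meant
  # for scripts.
  if [ ! -x /usr/bin/expect ]; then
    apt-get install -y expect || {
      printf 'failed to install expect\n' >&2
      return 1
    }
  fi

  haveKey

  # read -r keeps backslashes intact, and quoting the fields stops the shell
  # from word-splitting or glob-expanding a password. The extra test handles a
  # last line that has no trailing newline.
  while read -r ip user passwd || [ -n "$ip" ]; do
    # Skip blank lines instead of calling ssh-copy-id with empty arguments.
    [ -n "$ip" ] || continue
    pushKey "$ip" "$user" "$passwd"
  done < "$host"
}
main "$@"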
问题
- 连接时提示以下错误,说明服务器缺少该类型的主机密钥;用 ssh-keygen -A 生成缺失的主机密钥后重启 ssh 服务:
Could not load host key: /etc/ssh/ssh_host_ed25519_key
ssh-keygen -A
service ssh restart